IR Plan Checklist
8/17/2019 IR Plan Checklist
THE INCIDENT RESPONSE PLAN CHECKLIST
Have an incident response plan in place before you experience an incident. Be sure that your IR plan
includes the following 10 items to ensure the incident response progresses as smoothly as possible:
ITEM 1: Identify the Fundamentals
Response Team Membership
Incident Alert Hotlines
Incident Response Roles and Responsibilities
Incident Response Plan Approvals and Revision Dates
ITEM 2: Establish a Contact List
Incident Response Experts
Legal Authorities
Legal Counsel
Interested and Connected Parties
ITEM 3: Establish Definitions for Events & Incidents
ITEM 4: Detail the Phases of the Incident Response Plan
Alert – The method to report an incident
Triage – Knowing the difference between an event and an incident
Investigate – Identify the scope and source of damage
Contain – Prevent the spread of damage
Eradicate – Remove the source of damage
Recover – Restore systems to secure operations
Lessons Learned – Eliminate the root cause
ITEM 5: Flow Charts for Incident & Event Response
ITEM 6: Establish Status Communications Plan
Establish Mechanism for Communication
Define Schedule for Status Updates
ITEM 7: Incident Response Forms
Triage Worksheet
Observations and Diary Log
Inventory of Affected Assets
Authorities & Interested Parties Contacted
Chain of Custody Form
Impact Analysis Worksheet
Root Cause Analysis Form
Internal Investigation Report
ITEM 8: Continuous Improvement Procedures
Updating the Incident Response Plan
Approval Procedures for the Incident Response Plan
ITEM 9: Detail Communications Guidance & Examples
Internal Communications
Breach Notification Letter
Press Release
ITEM 10: Include a Glossary and Definitions
Have these forms prepared and ready
to go before an incident strikes.
Educate all team members on the phases
and actions of Incident Response.
Ensure team members are operating from
the same set of facts before the incident
response plan is put into action.
FOR EMERGENCIES
800.925.05INCIDENT RESPONSE HOT
NON EMERGENCY
847.221.0200 OFFICE